July 09, 2021
2373
0Fair Comparison of the Best Private Messengers for 2021
Let’s understand up front that an evaluation of private messengers is partly subjective. It is impossible to determine the absolute winner when different products provide different functions for different people’s requirements. Therefore, we will evaluate messengers according to various security and usability criteria.
Based on the results of evaluating and studying the opinions of industry experts, we have selected five messengers focused on protecting user data:
Utopia – a non-profit project of the anonymous 1984 group
Signal – a non-profit project of Open Whisper Systems (Moxie Marlinspike)
Threema – a commercial project of Threema GmbH (Manuel Kasper)
Silence – a non-profit project of Silence Team (Bastien Le Querrec and Carey Metcalfe)
Wickr Me – a commercial project of Wickr Inc. (Joel Wallenstrom)
For the analysis, we’ve selected three main categories on which to evaluate each service:
We’ve considered both the positive aspects of messengers and the negative ones and made a logical conclusion at the end.
Read on to find out what we’ve come up with.
- Base criteria
Utopia is a closed and non-profit project of the 1984 group. It was created to ensure the privacy of every user on the network. It is based on a fully-decentralized protocol with no single server for data storage. All messages and other media files are being delivered through a client-P2P network using end-to-end encryption based on modern, uncompromised encryption algorithms using open-source cryptographic libraries.
Regarding users’ data collection, there is no central authority to collect and store any personal data. You do not need any personal data to register: all registration and subsequent use is completely anonymous.
Utopia is built on a peer-to-peer architecture that has no signature and cannot be stopped. The ecosystem uses the cryptographic algorithms Curve25519, XSalsa20 stream cipher,and Poly1305 MAC. Application Storage Encryption has been protected by using 256-bit AES encryption.
It hasn’t a function of MESH Networking (Functioning without Internet) and CO2 Usage feature.
- Primary features
The platform’s full decentralization provides everything necessary for secure instant messaging, file sharing, browsing, e-mail, financial transactions, mining, game-playing, and more. All the essential tools are already created for the ecosystem and available for use upon registration.
The ecosystem has created a decentralized equivalent of the classic DNS, called uNS. This was done in order to protect user data, as DNS is subject to pressure and censorship by less sophisticated international laws.
Also, there are such typical features of messengers as sending and receiving text messages, voice messages, creating private chats. For example, you can create channels in the messenger and communicate with an audience according to interests.
Among the interesting things, you can highlight the corporate design and brand sticker packs of the ecosystem.
In addition, you can use the API function for instant and secure transfer of existing sites to the ecosystem. You can use it to mirror a public site into the ecosystem, and the creator will remain anonymous, as will all users who visit it.
- Other
At the moment, the ecosystem runs on Windows, Linux, and iOS operating systems. The mobile version of the platform will be released soon.
For offline key verification, the ecosystem uses uCodes. This is more convenient and secure as opposed to using standard QR codes.
There is one interesting mechanism to reward regular users: mining and Proof of Stake Rewards. In the first case, users can run a built-in mining bot that is safer and more environmentally friendly than its traditional competitors. In the second case, the user will receive Cryptons (the internal cryptocurrency of the ecosystem), for each 15-minute session through the ecosystem.
- Base criteria
Signal is a classic non-profit project of Open Whisper Systems (Moxie Marlinspike) for daily use. The messenger works and develops through donations and grants from the Freedom of the Press Foundation, Knight Foundation, Open Technology Fund, and Signal Foundation (since 2018).
Unlike Utopia P2P, Signal is not fully decentralized and uses a single server to store users’ data. All messages, calls, and media are delivered via a client-server-client model using end-to-end encryption. The app collects the following user data:
- Phone number
- Public key material
- Push tokens
- Date and time of user’s registration
- Date of user’s last connection
- Certain information (e.g. a recipient’s identifier, an encrypted message body, etc.) is transmitted to Signal to place calls or transmit messages
Unfortunately, Signal uses the third-party servers of large corporations to transit traffic. So, the application is not anonymous.
With regard to the cryptographic algorithms used, it is based on Curve25519, AES-256, and HMAC-SHA256. At the same time, Signal application storage encryption depends on OS encryption. For instance, on Android, this database is not encrypted unless the user has enabled full-disk encryption or set a passphrase through the settings page.
Signal has a MESH Networking feature: users can communicate via Wi-Fi (internet) or SMS (without internet). But the CO2 Usage feature is missing here.
- Primary features
The program allows writing text messages, creating group chats (up to 1000 participants maximum), calling by voice or video (up to 8 users at a time), and sharing photos, emojis and videos, along with your location and contacts. The app can be used instead of the standard one for SMS.
Signal is an ordinary messenger, unlike Utopia. It is not built on a decentralized network and does not offer built-in tools such as e-mail, browser, and e-wallet to provide financial transactions.
By the way, the creators of Signal have made the API code publicly available: everyone can check it out on GitHub.
- Other
Signal is available for use on phones (Android and iOS), and desktops (Windows, MacOS, and Linux), but it does not have built-in games or rewards mechanism like in Utopia P2P. It is, however, free of charge.
For offline key verification, the system uses QR codes.
Regarding the weak spots of the messenger, we can point the following:
- No encryption of SMS and MMS messages
- No secure voice calls
- No lock
Also, hackers can inject a malicious payload inside the Signal desktop app running on the recipients’ system just by sending them a specially crafted link – without requiring any user interaction. Using this vulnerability, attackers can even inject a form on the recipient’s chat window, tricking them to reveal their sensitive information using social engineering attacks.
In 2017, the CIA was able to bypass the encryption by hacking through smartphones.
- Base criteria
Threema is a commercial project of Threema GmbH developed by Manuel Kasper in December 2012. The messenger is funded by Threema GmbH. Threema isn’t built on a fully decentralized protocol. All messages and media are delivered using a client-server-client model with end-to-end encryption. The app collects the following user data:
- Phone number (when linked)
- Email (when linked)
- 8-digit Threema ID
- Key pair (consisting of a public key and a private key)
- Messages and data are stored on servers until successfully delivery to the recipient
It is based on the cryptographic algorithms Curve25519 256, XSalsa20 256, and Poly1305-AES 128. The Threema application storage encryption works in two different ways:
– For Android and Windows Phones: Protected using 256-bit AES encryption
– For iOS: Depends on OS encryption
It is not an anonymous app and does not have additional features like MESH Networking or CO2 Usage.
- Primary features
The messenger allows sending text messages, photos, videos and voice messages up to 25 MB, and you can also transmit your geographical location. In addition to individual communication, you can also have group chats with multiple contacts but without brand stickers.
Using this app, can make voice calls that will be protected from leaks. But, unfortunately, it does not use decentralized DNS and doesn’t have a built-in browser for internet surfing.
By the way, the creators of Signal have made the API code publicly available.
There is no opportunity to make financial transactions in the app, unlike in Utopia P2P.
- Other
Threema is available for use on phones (Android, iOS, Windows Phone, Blackberry), desktops (Windows, MacOS, and Linux), tablets (Amazon Fire OS), e-books, smartwatches, and Android Auto. It does not have any built-in games or rewards mechanism like in Utopia P2P. It is a paid app.
For offline key verification, the system uses QR codes.
As far as the weak spots of the messenger go, we can point the following:
- Collects user data
- Asks for GPS location
- No passcode / fingerprint lock
- No open source CO2 Usage
By default, Threema enforces relaying through TURN for all unverified contacts (with a single red dot as verification status). Relaying has the advantage of hiding the call partner’s public IP address, thus providing added privacy when the peer is not trusted. On the other hand, it exposes some metadata towards the TURN server, and the connection quality (especially latency) may be worse than in a direct call.
- Base criteria
Silence is a non-profit project of the Silence Team (Bastien Le Querrec and Carey Metcalfe). This is an independent project funded by donations. It does not use a fully decentralized protocol. It uses traditional SMS as the carrier for the delivery, revealing metadata and correspondents. However, it does include end-to-end encryption.
The app collects the following user data:
- Phone number
- Contacts
It is based on the Axolotl encryption protocol. The Silence application storage encryption works in the same way: using Axolotl encryption.
It is not an anonymous app. It has the additional feature of MESH Networking but not CO2 Usage.
- Primary features
Silence is designed to exchange encrypted SMS and MMS messages and works where there is no access to the internet, but only to a mobile network. You can make voice calls without the opportunity to make video calls or send voice and video messages.
Silence is built on open-source code, it has a decentralized DNS, and does not require an Internet connection for stable communication.
By the way, the creators of Silence have made the open code publicly available on GitHub.
There is no opportunity to make financial transactions in the app, unlike in Utopia P2P.
- Other
Silence is available only on Android. It does not include built-in games or a rewards mechanism like in Utopia P2P. It is a free app.
For offline key verification, the app doesn’t use QR codes.
The weak spots of the messenger are:
- Collects user data
- Requires mobile phone for calls and SMS
- No encryption of SMS and MMS messages
- Reported problems with calls and interface
- Can’t block spam messages
The main drawback of Silence is that it communicates via SMS. On that basis, it is impossible to organize video and audio calls and many other functions that are familiar to us in modern messengers. In addition, the application has limited functionality.
- Base criteria
Wickr Me is a commercial project of Wickr Inc., created by Joel Wallenstrom. It is funded in two ways:
- Series A funding round (including investments from Juniper Networks and the Knight Foundation)
- Series B funding round (including CME Group and Wargaming)
It isn’t built on a fully decentralized protocol. All messages and media are delivered using a client-server-client model with end-to-end encryption. The app collects the following user data:
- Phone number
- Account information
- Device information
- Number of sent/received messages
- Number of external ID’s (email addresses and phone numbers) connected to the account, but not the plaintext external IDs themselves
It is based on the cryptographic algorithms ECDH512, AES-256, and HMAC-SHA256. The Wickr Me application’s storage encryption works using 256-bit AES encryption.
It is not an anonymous app and lacks additional features like MESH Networking or CO2 Usage.
- Primary features
The messenger boasts the following features: sending text messages and photos, videos and voice messages and calls, and the ability to transmit your geographical location. In addition to individual communication, you can also have group chats.
To start a conversation, you need to add the user to the contact list. Search by ID, email address, or phone number is available. You can send text messages, photos, videos, and PDF files.
The messenger has a built-in image editor. It allows you to crop the image and add a caption. You can choose which files to send from your local device or the cloud.
There is a P2P multilayered security feature that will protect from leaks. Unfortunately, it does not use decentralized DNS and has no built-in browser for internet surfing.
The creators of Wickr have made the open code publicly available on GitHub.
There is no opportunity to make financial transactions in the app unlike in Utopia P2P.
- Other
Threema is available for usage on phones (Android and iOS), desktops (Windows, MacOS, and Linux), and tablets. However, it does not include built-in games or a rewards mechanism like in Utopia P2P. It is a free app.
For offline key verification, the system uses QR codes.
Regarding the weak spots of the messenger, we can point the following:
- Collects user data
- Not open source
- Vulnerability of encryption
In the past there was a weak spot that allowed hackers to handle the class SessionManager via method “sucessfullyResumedSession” and then bypassing the authentication process (now fixed).
The best messenger: table comparison
And so, what should you pay attention to when choosing an application for communication? The best messengers have the following set of characteristics:
- data security
- strong encryption
- wide functionality
- user-friendly, intuitive interface
- stable operation
- low power consumption and resource consumption
As for our messengers, we have combined the main characteristics in a table for visual comparison:
|
Base Criteria |
Utopia |
Signal |
Threema |
Silence |
Wickr |
|
Encryption |
Modern encryption algorithm using open-source library |
Messages and calls are always end-to-end encrypted |
End-to-end encryption |
End-to-end encryption |
End-to-end encryption |
|
Free of charge |
Yes |
Yes |
No |
Yes |
Yes |
|
Instant Messaging |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Yes |
No |
No |
No |
No |
|
Group Chats |
Yes |
Yes |
Yes |
No |
Yes |
|
Anonymous usage |
Yes |
No |
No |
No |
No |
|
Wide built-in functionality |
Yes |
Yes |
Yes |
No |
Yes |
|
Multiple devices |
No |
Phone Desktop |
Phone Tablet E-Book Smartwatch Android Auto |
No |
Phone Desktop Tablet |
|
Rewards Mechanism |
Mining Proof of Stake Reward |
No |
No |
No |
No |
|
Supported Platforms (Desktop) |
Windows MacOS Linux |
Windows MacOS Linux distributions supporting APT |
Windows |
No |
Windows MacOS Linux |
|
Supported Platforms (Mobile) |
Under development |
Android iOS |
Android iOS Windows Phone Blackberry Amazon Fire OS |
Android |
Android iOS |
A few more words about each of the messengers:
Utopia P2P is not only an instant messenger. It has a built-in package of tools for full-fledged work on the network. In addition, all online activity is anonymous, you cannot be tracked or compromised.
Signal is a fairly secure messenger recommended by many celebrities. However, do not forget that to start using it, you must enter your personal phone number.
Threema is a new generation messenger. However, the registration is not anonymous, so the user’s data will be stored on the server. Despite the fact that the application is paid, it does not provide the optimal level of security.
Silence is an unusual application that works via SMS, meaning an Internet connection is optional. It collects a large amount of user data, and hackers can intercept the correspondence.
Wickr is an application that is suitable for beginners in the world of private technologies. It is good for starting an acquaintance with privacy and security. However, you should not expect a high level of security from it since it requests and stores its users’ personal data.
All in all, the choice is up to you!
